Information Security GRC Analyst

Position: Senior Information Security GRC Analyst

Duration of the Contract: 12 Months (Possibility for Extension)

Location: South Carolina (100% Remote)

Interview Process: 1-2 Rounds of Virtual person availability for interviews preferred.

• Work Location: Role is 100% Remote. Preference will be given to local candidates who can come to the office as needed for client and departmental meetings trainings and other onsite activities.
• Candidate location: No South Carolina residency required. Open to nationwide candidates. All travel-related costs for onsite work will be the responsibility of the resource no matter the frequency of onsite work.

Scope of the project:

This position with perform duties as part of DIS execution of its responsibilities under the state-wide information security program. DIS Responsibilities include:

• Supporting agencies during their development of the information security program with direct tactical implementation assistance.
• Developing and tracking agency information security implementation plans.
• Interview administrators managers and third parties to aid in development of program artifacts.
• Ensuring high-level assessments of agencies infosec work to ensure progress is made.
• Providing high-level analysis of process and procedures work to ensure compliance with state standards.

Daily Duties / Responsibilities:

Duties include but are not limited to:

• Interviewing business and technical owners to determine policies and procedures used for each agency process.
• Developing and tracking infosec implementation plan progress.
• Documenting information gathered during both interviews and
• Document reviews to assist with developing formal process and procedures.
• Assessing agency documentation to ensure adequate approaches are used to comply with controls.

Required skills (must include years of experience in order of importance):

• 10 Years of Experience in Information Security and Compliance.
• 2 Years of Experience with security audits based on a standard control set as an auditor or responding information system security officer
• Must Have a Strong Working Knowledge of NIST 800-53 (2 Years of Experience)
• Prior Experience POA&M or CAP.
• Strong Communication Experience.
• Experience With Using a GRC Tool (Archer or Similar) (3 Years of Experience)

Preferred Skills (Rank in order of Importance):

• Have completed an information security plan or system security plan notebook.
• Simultaneously manage multiple infosec work efforts.
• Knowledge of IRS 1075 HIPAA CJIS MARS-E and/or PCI-DSS.
• Government sector experience

Additional Skills:

• Ability to identify map and re- engineer business processes.
• Strong schedule management and resource planning skills.
• Ability to work at a high-volume and fast pace.
• Strong collaborator and strong ability to meet deadlines.

Preferred Certifications:

CISA GSLC or equivalent certification

Required Education:

• Bachelors Degree